-
Notifications
You must be signed in to change notification settings - Fork 0
117 lines (99 loc) · 4.3 KB
/
Copy pathtesting.yaml
File metadata and controls
117 lines (99 loc) · 4.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
# Testing - Github Actions
#
# Security references:
# - https://securitylab.github.com/resources/github-actions-preventing-pwn-requests
# - https://securitylab.github.com/resources/github-actions-untrusted-input
# - https://securitylab.github.com/resources/github-actions-building-blocks
# - https://securitylab.github.com/resources/github-actions-new-patterns-and-mitigations
#
# Used actions:
# - actions/checkout
# repo: https://github.com/actions/checkout
# releases: https://github.com/actions/checkout/tags
#
# - astral-sh/setup-uv: set up uv environment
# repo: https://github.com/astral-sh/setup-uv
# releases: https://github.com/astral-sh/setup-uv/tags
# docs: https://docs.astral.sh/uv/guides/integration/github/
name: Testing
concurrency:
# see https://docs.github.com/en/actions/using-jobs/using-concurrency
# Run jobs on all commits - we're on free tier and want full diagnostic history
# cancel-in-progress: ${{ github.event_name == 'pull_request' }}
group: ${{ github.workflow }}-${{ github.ref }}
env:
# Enable colored output for pytest
# https://github.com/pytest-dev/pytest/issues/7443
# https://github.com/actions/runner/issues/241
PY_COLORS: 1
# Pin uv version for reproducible builds
# https://github.com/astral-sh/uv/releases
UV_VERSION: "0.9.21" # released on 2025-12-30
# Pin just version for reproducible builds
# https://github.com/casey/just/releases
JUST_VERSION: "1.46.0" # released on 2026-01-02
on:
pull_request:
types: [opened, reopened, synchronize]
push:
branches:
- main
permissions:
contents: read
jobs:
# see https://docs.astral.sh/uv/guides/integration/github/
python-tests:
name: python
runs-on: ubuntu-latest
timeout-minutes: 10
strategy:
fail-fast: false
matrix:
python-version:
- "3.14"
- "3.13"
- "3.12"
- "3.11"
- "3.10"
- "3.9"
- "3.8"
steps:
# repo: https://github.com/actions/checkout
# releases: https://github.com/actions/checkout/tags
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.1 released on 02-12-2025
with:
persist-credentials: false
fetch-depth: 0
- name: Remove sitecustomize.py
run: |
sudo rm -f /usr/lib/python3.*/sitecustomize.py
sudo rm -f /etc/python3.*/sitecustomize.py
# repo: https://github.com/astral-sh/setup-uv
# releases: https://github.com/astral-sh/setup-uv/tags
# docs: https://docs.astral.sh/uv/guides/integration/github
- name: Install pinned version of uv
uses: astral-sh/setup-uv@6ee6290f1cbc4156c0bdd66691b2c144ef8df19a # v7.1.6 released on 13-12-2025
with:
python-version: ${{ matrix.python-version }}
version: ${{ env.UV_VERSION }}
enable-cache: true
cache-dependency-glob: "uv.lock"
prune-cache: true
- name: Set up Python ${{ matrix.python-version }}
run: uv python install ${{ matrix.python-version }}
- name: Install the project
run: uv sync --all-groups
- name: Run tests
run: uv run pytest tests --color=yes --cov=src --cov-fail-under=50 --cov-report html:var/coverage/html --cov-report xml:var/coverage/pytest-cobertura.xml --cov-report term-missing -v
# repo: https://github.com/codecov/codecov-action
# releases: https://github.com/codecov/codecov-action/tags
- name: "Upload coverage to Codecov"
uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5.5.2 released on 09-12-2025
with:
# Dependabot PRs cannot access CODECOV_TOKEN, so the upload fails even when tests pass.
# Coverage is uploaded correctly after merge to main where the token is available.
fail_ci_if_error: false # false is default
files: var/coverage/pytest-cobertura.xml
flags: unittests # optional
token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos
verbose: true # false is default